Defrag Tools: #57 - New Job, New Systems, 2 Questions and 2 Crashes

Description

In this episode of Defrag Tools, Andrew Richards, Chad Beeder and Larry Larsen talk about Andrew's new job, configuring new systems with SSDs and HDDs, answer two questions from a viewer (Barry), and debug two crashes.

[So why is the audio weird in this episode? Well, Andrew accidentally hit mute on his mic just before recording. Kaitlin came to the rescue and used the audio from Chad's mic, fixing the levels for hours - Thx Kaitlin]

Resources:
Debugging Tools for Windows
SkyDrive - procdumpext.dll

Timeline:
[00:00] - Andrew's new job - "Send to Microsoft"
[01:53] - How we'd set up machines with SSDs and HDDs
[04:30] - Making a folder on C: (SSD) that redirects to another drive (HDD)
[05:00] - Mount Point via Disk Management
[06:08] - Symbolic Link - mklink /d Link Target
[08:25] - Question #1 - "Application Hang" (Event ID 1002)
[08:25] - Windows Error Reporting LocalDumps
[12:13] - Question #2 - "User reported a hang"
[15:48] - Crash #1 - NULL Pointer
[17:30] - Unassemble (backwards and forwards) - ub @rip and u @rip
[17:30] - List module - lmvm <module>
[24:08] - Crash #2 - Unloaded Module
[24:39] - List (Unloaded) modules - lm
[25:30] - List Stacks with Unloaded modules - !procdumpext.seek Unloaded
[27:29] - Email us your issues at defragtools@microsoft.com

Windows Error Reporting LocalDumps - create Full Dump:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps]
; Folder the dump files are written to
"DumpFolder"="C:\\dumps"
; 2 = full dump
"DumpType"=dword:00000002
; Keep at most 10 (0xa) dumps in the folder
"DumpCount"=dword:0000000a

    The Discussion

    • MagicAndre1981

      don't RAID0 2 SSDs. The access time goes down and this is the important improvement over traditional HDDs.

      Also only the very newest Intel boards support TRIM in RAID mode!

      [06:08] - Symbolic Link - mklink /d Link Target

      use this tool, which is easier:

      http://bitsum.com/junctionmaster.php

    • s3curityConsult

      Congrats Andrew... You deserve it... I hope you will still help out your viewers if we send you our crashes as well. 

      MagicAndre...I always appreciate when you suggest your tools, you seem to find good ones. If you have any more suggestions for great tools like WSCC and junction master, please post a comment with a few tool suggestions...thanks

    • Ytterbium

      What are the pros/cons of configuring procdump vs the reg tweaks for saving dumps?

    • MagicAndre1981

      @s3curityConsult

      I'll do this.

      @Ytterbium

      You have better flexibility with WER. You can configure this per application and generate small dumps by default but full dumps of only the 1 program you are interested in. You can also put the dumps into different folders.

    • JohnLudlow

      Was there something weird with the microphones? Every time Andrew spoke, there was a bunch of background noise (like he was stood next to a noisy air conditioner) and then he dropped out every time someone else spoke.

    • MagicAndre1981

      @JohnLudlow:

      look at the text between the [] under the description ;)

    • JohnLudlow

      Ah probably should have looked at that first.  Thanks!

      And well done Kaitlin

    • Ytterbium

      @MagicAndre1981

      I set Procdump as per Andrew's instructions before, you can point it to whatever folder you want.  I guess you can configure different dumps with procdump?

      I guess a dump is a dump.

    • MagicAndre1981

      @Ytterbium:

      WER can be configured per application, AeDebug only globally or all.

      With WER I can configure Windows to create minis for all and full for some selected applications.
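
The per-application setup described in the comment above, written as a .reg file in the same form as the one in the episode notes. This is an added example, not part of the original discussion; MyApp.exe and both folder paths are placeholders.

```reg
Windows Registry Editor Version 5.00

; Global default for every process WER handles:
; DumpType 1 = minidump, keep at most 10 (0xa) files.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps]
"DumpFolder"="C:\\dumps"
"DumpType"=dword:00000001
"DumpCount"=dword:0000000a

; Per-application override: the subkey is named after the executable.
; MyApp.exe is a placeholder for the one program that needs full dumps.
; Values set here replace the global ones for that image only.
; A full dump (DumpType 2) holds the whole memory of the process,
; so keep this folder readable by administrators only.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\MyApp.exe]
"DumpFolder"="C:\\dumps\\MyApp"
"DumpType"=dword:00000002
"DumpCount"=dword:00000003
```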

    • Ronald

      What's the meaning of "Unloaded": does it mean that the DLL is no longer mapped into the process' address space? If so, how does WinDbg know what DLL was there in the past?

    • rallymax

      @JohnLudlow:

      yeah... it sounds like his mic was dead and he was being heard from Chad or Larry's.

    • windev

      Correct, the DLL is no longer mapped in to the process VA Space. The kernel keeps a record of the modules ever loaded, and the dump is written with this metadata. .dumpdebug will show you the record in the dump metadata streams.

    • S3curityPlu5

      My machines have 16gb of ram so I cannot choose complete memory dump, correct?  I remember reading somewhere that if you have more than 4 gb of ram then you cannot choose complete memory dump, is this still true for win8 and win8.1?  Another problem I have noticed is that windows 8.1 and server2012 r2 do not allow you to upgrade and keep your applications. I know that this is not your guys' domain, but it is annoying. I am working on a way to allow it to keep my programs installed since I cannot get access to my Adobe desktop apps anymore since the creative cloud garbage has taken over, I don't want to lose my master collection.

    • MagicAndre1981

      @S3curityPlu5:

      http://www.osronline.com/article.cfm?article=545

      Use the registry to change the dump type to complete.
